
RFC 7666

Management Information Base for Virtual Machines Controlled by a Hypervisor

Pages: 52
Proposed Standard
Part 3 of 3 – Pages 43 to 52

Top   ToC   RFC7666 - Page 43   prevText

6.2. IANA-STORAGE-MEDIA-TYPE-MIB

   IANA-STORAGE-MEDIA-TYPE-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, mib-2
           FROM SNMPv2-SMI
       TEXTUAL-CONVENTION
           FROM SNMPv2-TC;

   ianaStorageMediaTypeMIB MODULE-IDENTITY
          LAST-UPDATED "201510120000Z"    -- 12 October 2015
          ORGANIZATION "IANA"
          CONTACT-INFO
               "Internet Assigned Numbers Authority

               Postal: ICANN
                       12025 Waterfront Drive, Suite 300
                       Los Angeles, CA 90094-2536
                       United States
               Tel:    +1 310-301-5800
               Email:  iana@iana.org"
          DESCRIPTION
               "This MIB module defines Textual Conventions
               representing the media type of a storage device.

               Copyright (c) 2015 IETF Trust and the persons identified
               as authors of the code.  All rights reserved.

               Redistribution and use in source and binary forms, with
               or without modification, is permitted pursuant to, and
               subject to the license terms contained in, the
               Simplified BSD License set forth in Section 4.c of the
               IETF Trust's Legal Provisions Relating to IETF Documents
               (http://trustee.ietf.org/license-info)."

          REVISION "201510120000Z"        -- 12 October 2015
          DESCRIPTION
                  "The initial version of this MIB, published as
                  RFC 7666."
          ::= { mib-2 237 }

   IANAStorageMediaType ::= TEXTUAL-CONVENTION
       STATUS       current
       DESCRIPTION
               "The media type of a storage device:

               unknown(1)     The media type is unknown, e.g., because
                              the implementation failed to obtain the
                              media type from the hypervisor.

               other(2)       The media type is other than those
                              defined in this convention.

               hardDisk(3)    The media type is hard disk.

               opticalDisk(4) The media type is optical disk.

               floppyDisk(5)  The media type is floppy disk."

       SYNTAX       INTEGER {
                       other(1),
                       unknown(2),
                       hardDisk(3),
                       opticalDisk(4),
                       floppyDisk(5)
                    }

   END

7. IANA Considerations

   This document defines the first version of the IANA-maintained
   IANA-STORAGE-MEDIA-TYPE-MIB module, which allows new storage media
   types to be added to the enumeration in IANAStorageMediaType.  An
   Expert Review, as defined in RFC 5226 [RFC5226], is REQUIRED for each
   modification.

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

         Descriptor                OBJECT IDENTIFIER value
         ----------                -----------------------
         vmMIB                     { mib-2 236 }
         ianaStorageMediaTypeMIB   { mib-2 237 }

8. Security Considerations

   This MIB module is typically implemented on the hypervisor not inside
   a virtual machine.  Virtual machines, possibly under other
   administrative domains, would not have access to this MIB as the SNMP
   service would typically operate in a separate management network.

   There are two objects defined in this MIB module,
   vmPerVMNotificationsEnabled and vmBulkNotificationsEnabled, that have
   a MAX-ACCESS clause of read-write.  Enabling notifications can lead
   to a substantial number of notifications if many virtual machines
   change their state concurrently.  Hence, such objects may be
   considered sensitive or vulnerable in some network environments.  The
   support for SET operations in a non-secure environment without proper
   protection can have a negative effect on the management system.  It
   is RECOMMENDED that these objects have access of read-only instead of
   read-write on deployments where SNMPv3 strong security (i.e.,
   authentication and encryption) is not used.

   There are a number of managed objects in this MIB that may contain
   sensitive information.  The objects in the vmHvSoftware and
   vmHvVersion list information about the hypervisor's software and
   version.  Some may wish not to disclose to others which software they
   are running.  Further, an inventory of the running software and
   versions may be helpful to an attacker who hopes to exploit software
   bugs in certain applications.  Moreover, the objects in the vmTable,
   vmCpuTable, vmCpuAffinityTable, vmStorageTable, and vmNetworkTable
   list information about the virtual machines and their virtual
   resource allocation.  Some may wish not to disclose to others how
   many and what virtual machines they are operating.

   It is thus important to control even GET access to these objects and
   possibly to even encrypt the values of these objects when sending
   them over the network via SNMP.  Not all versions of SNMP provide
   features for such a secure environment.

   SNMPv1 by itself is not a secure environment.  Even if the network
   itself is secure (for example by using IPsec), there is no control as
   to who on the secure network is allowed to access and GET/SET
   (read/change/create/delete) the objects in this MIB module.

   It is recommended that the implementers consider using the security
   features as provided by the SNMPv3 framework.  Specifically, the use
   of the User-based Security Model [RFC3414] and the View-based Access
   Control Model [RFC3415] is recommended.

   It is then a customer/user responsibility to ensure that the SNMP
   entity giving access to an instance of this MIB is properly
   configured to give access to the objects only to those principals
   (users) that have legitimate rights to indeed GET or SET
   (change/create/delete) them.
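
   The check below is an added example, not part of RFC 7666: it audits
   Net-SNMP snmpd.conf access directives against the recommendations in
   this section, using the vmMIB subtree { mib-2 236 } from Section 7.
   It assumes numeric OIDs and the plain directive forms (no -s SECMODEL
   option); the finding labels and the sample configuration are
   constructed for illustration.

```python
VM_MIB = (1, 3, 6, 1, 2, 1, 236)   # vmMIB = { mib-2 236 }, mib-2 = 1.3.6.1.2.1

def covers_vm_mib(scope):
    """True when the granted subtree contains vmMIB or lies inside it."""
    if scope is None:               # no OID argument: the grant is unrestricted
        return True
    oid = tuple(int(part) for part in scope.strip(".").split("."))
    n = min(len(oid), len(VM_MIB))
    return oid[:n] == VM_MIB[:n]

def audit(conf_text):
    """Return (line number, finding) pairs; finding labels are made up here."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if not tok or tok[0] not in ("rocommunity", "rwcommunity", "rouser", "rwuser"):
            continue
        directive, args = tok[0], tok[1:]
        if directive.endswith("community"):
            # rocommunity|rwcommunity COMMUNITY [SOURCE [OID | -V VIEW]]
            level = "community"     # SNMPv1/v2c: no authentication, no encryption
        else:
            # rouser|rwuser USER [noauth|auth|priv [OID | -V VIEW]]
            level = args[1] if len(args) > 1 else "auth"   # Net-SNMP default
        scope = args[2] if len(args) > 2 else None
        if level == "priv":
            continue                # authentication and encryption are required
        if scope == "-V":
            finding = "named-view-not-resolved"   # check the view by hand
        elif not covers_vm_mib(scope):
            continue
        elif directive.startswith("rw"):
            finding = "write-without-strong-security"
        else:
            finding = "read-without-encryption"
        findings.append((lineno, finding))
    return findings

# Constructed sample configuration; user and community names are invented.
SAMPLE = """\
rocommunity public default
rwcommunity ops 10.0.0.0/24 .1.3.6.1.2.1.236
rouser monitor auth .1.3.6.1.2.1.236.1
rwuser vmadmin priv .1.3.6.1.2.1.236
rouser ifwatch auth .1.3.6.1.2.1.2
"""

print(audit(SAMPLE))
```

   A write finding corresponds to the RECOMMENDED read-only access for
   vmPerVMNotificationsEnabled and vmBulkNotificationsEnabled; a read
   finding corresponds to the advice to control and encrypt GET access.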

9. References

9.1. Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578,
              DOI 10.17487/RFC2578, April 1999,
              <http://www.rfc-editor.org/info/rfc2578>.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999,
              <http://www.rfc-editor.org/info/rfc2579>.

   [RFC2580]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Conformance Statements for SMIv2",
              STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999,
              <http://www.rfc-editor.org/info/rfc2580>.

   [RFC2790]  Waldbusser, S. and P. Grillo, "Host Resources MIB",
              RFC 2790, DOI 10.17487/RFC2790, March 2000,
              <http://www.rfc-editor.org/info/rfc2790>.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000,
              <http://www.rfc-editor.org/info/rfc2863>.

   [RFC3413]  Levi, D., Meyer, P., and B. Stewart, "Simple Network
              Management Protocol (SNMP) Applications", STD 62,
              RFC 3413, DOI 10.17487/RFC3413, December 2002,
              <http://www.rfc-editor.org/info/rfc3413>.

   [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", STD 62, RFC 3414,
              DOI 10.17487/RFC3414, December 2002,
              <http://www.rfc-editor.org/info/rfc3414>.

   [RFC3415]  Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
              Access Control Model (VACM) for the Simple Network
              Management Protocol (SNMP)", STD 62, RFC 3415,
              DOI 10.17487/RFC3415, December 2002,
              <http://www.rfc-editor.org/info/rfc3415>.

   [RFC3418]  Presuhn, R., Ed., "Management Information Base (MIB) for
              the Simple Network Management Protocol (SNMP)", STD 62,
              RFC 3418, DOI 10.17487/RFC3418, December 2002,
              <http://www.rfc-editor.org/info/rfc3418>.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008,
              <http://www.rfc-editor.org/info/rfc5226>.

   [RFC6933]  Bierman, A., Romascanu, D., Quittek, J., and M.
              Chandramouli, "Entity MIB (Version 4)", RFC 6933,
              DOI 10.17487/RFC6933, May 2013,
              <http://www.rfc-editor.org/info/rfc6933>.

9.2. Informative References

   [IEEE8021-BRIDGE-MIB]
              IEEE, "IEEE8021-BRIDGE-MIB", October 2008,
              <http://www.ieee802.org/1/files/public/MIBs/
              IEEE8021-BRIDGE-MIB-200810150000Z.txt>.

   [IEEE8021-Q-BRIDGE-MIB]
              IEEE, "IEEE8021-Q-BRIDGE-MIB", October 2008,
              <http://www.ieee802.org/1/files/public/MIBs/
              IEEE8021-Q-BRIDGE-MIB-200810150000Z.txt>.

   [libvirt]  The libvirt developers, "The libvirt virtualization API",
              <http://www.libvirt.org/>.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410,
              DOI 10.17487/RFC3410, December 2002,
              <http://www.rfc-editor.org/info/rfc3410>.

   [VMware]   VMware, Inc., "The VMware Hypervisor",
              <http://www.vmware.com/>.

   [Xen]      The Xen Project, "The Xen Hypervisor",
              <http://www.xenproject.org/>.

Appendix A. State Transition Table

   +--------------+----------------+--------------+--------------------+
   |    State     |   Change to    |  Next State  |    Notification    |
   |              |  vmAdminState  |              |                    |
   |              |     at the     |              |                    |
   |              | hypervisor or  |              |                    |
   |              |    (Event)     |              |                    |
   +--------------+----------------+--------------+--------------------+
   |  suspended   |    running     |   resuming   |    vmResuming |    |
   |              |                |              |   vmBulkResuming   |
   |              |                |              |                    |
   |  suspending  |    (suspend    |  suspended   |   vmSuspended |    |
   |              |   operation    |              |  vmBulkSuspended   |
   |              |   completed)   |              |                    |
   |              |                |              |                    |
   |   running    |   suspended    |  suspending  |   vmSuspending |   |
   |              |                |              |  vmBulkSuspending  |
   |              |                |              |                    |
   |              |    shutdown    | shuttingdown |  vmShuttingdown |  |
   |              |                |              | vmBulkShuttingdown |
   |              |                |              |                    |
   |              | (migration to  |  migrating   |   vmMigrating |    |
   |              |     other      |              |  vmBulkMigrating   |
   |              |   hypervisor   |              |                    |
   |              |   initiated)   |              |                    |
   |              |                |              |                    |
   |   resuming   |    (resume     |   running    |    vmRunning |     |
   |              |   operation    |              |   vmBulkRunning    |
   |              |   completed)   |              |                    |
   |              |                |              |                    |
   |    paused    |    running     |   running    |    vmRunning |     |
   |              |                |              |   vmBulkRunning    |
   |              |                |              |                    |
   | shuttingdown |   (shutdown    |   shutdown   |    vmShutdown |    |
   |              |   operation    |              |   vmBulkShutdown   |
   |              |   completed)   |              |                    |
   |              |                |              |                    |
   |   shutdown   |    running     |   running    |    vmRunning |     |
   |              |                |              |   vmBulkRunning    |
   |              |                |              |                    |
   |              | (if this state |  migrating   |   vmMigrating |    |
   |              |    entry is    |              |  vmBulkMigrating   |
   |              |  created by a  |              |                    |
   |              |   migration    |              |                    |
   |              | operation (*)  |              |                    |
   |              |                |              |                    |
   |              |   (deletion    |  (no state)  |    vmDeleted |     |
   |              |   operation    |              |   vmBulkDeleted    |
   |              |   completed)   |              |                    |
   |              |                |              |                    |
   |  migrating   |   (migration   |   running    |    vmRunning |     |
   |              |   from other   |              |   vmBulkRunning    |
   |              |   hypervisor   |              |                    |
   |              |   completed)   |              |                    |
   |              |                |              |                    |
   |              | (migration to  |   shutdown   |    vmShutdown |    |
   |              |     other      |              |   vmBulkShutdown   |
   |              |   hypervisor   |              |                    |
   |              |   completed)   |              |                    |
   |              |                |              |                    |
   |  preparing   |  (preparation  |   shutdown   |    vmShutdown |    |
   |              |   completed)   |              |   vmBulkShutdown   |
   |              |                |              |                    |
   |   crashed    |       -        |      -       |         -          |
   |              |                |              |                    |
   |              |   (crashed)    |   crashed    |    vmCrashed |     |
   |              |                |              |   vmBulkCrashed    |
   |              |                |              |                    |
   |  (no state)  |  (preparation  |  preparing   |         -          |
   |              |   initiated)   |              |                    |
   |              |                |              |                    |
   |              | (migrate from  | shutdown (*) |    vmShutdown |    |
   |              |     other      |              |   vmBulkShutdown   |
   |              |   hypervisor   |              |                    |
   |              |   initiated)   |              |                    |
   +--------------+----------------+--------------+--------------------+

                  State Transition Table for vmOperState

Acknowledgements

   The authors would like to thank Andy Bierman, David Black, Joe Marcus
   Clarke, C.M. Heard, Joel Jaeggli, Tom Petch, Randy Presuhn, and Ian
   West for providing helpful comments during the development of this
   specification.

   Juergen Schoenwaelder was partly funded by Flamingo, a Network of
   Excellence project (ICT-318488) supported by the European Commission
   under its Seventh Framework Programme.

Contributors

   Yuji Sekiya
   The University of Tokyo
   2-11-16 Yayoi
   Bunkyo-ku, Tokyo 113-8658
   Japan
   Email: sekiya@wide.ad.jp

   Cathy Zhou
   Huawei Technologies
   Bantian, Longgang District
   Shenzhen 518129
   China
   Email: cathyzhou@huawei.com

   Hiroshi Esaki
   The University of Tokyo
   7-3-1 Hongo
   Bunkyo-ku, Tokyo 113-8656
   Japan
   Email: hiroshi@wide.ad.jp

Authors' Addresses

   Hirochika Asai
   The University of Tokyo
   7-3-1 Hongo
   Bunkyo-ku, Tokyo 113-8656
   Japan
   Phone: +81 3 5841 6748
   Email: panda@hongo.wide.ad.jp

   Michael MacFaden
   VMware Inc.
   Email: mrm@vmware.com

   Juergen Schoenwaelder
   Jacobs University
   Campus Ring 1
   Bremen 28759
   Germany
   Email: j.schoenwaelder@jacobs-university.de

   Keiichi Shima
   IIJ Innovation Institute Inc.
   2-10-2 Fujimi
   Chiyoda-ku, Tokyo 102-0071
   Japan
   Email: keiichi@iijlab.net

   Tina Tsou
   Huawei Technologies (USA)
   2330 Central Expressway
   Santa Clara, CA 95050
   United States
   Email: tina.tsou.zouting@huawei.com